[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
The branch OpenSSL_1_0_2-stable has been updated via 6180c0ff0c34b4029bd9d1bec519c8cbc6be4808 (commit) from 32cc4c2627e8f582d906b03abf763f682c7f96dd (commit) - Log - commit 6180c0ff0c34b4029bd9d1bec519c8cbc6be4808 Author: Marcus MeissnerDate: Tue Sep 6 11:01:21 2016 +0200 initialize the RSA struct to 0. This helps with program code linked against static builds accessing a uninitialized ->engine pointer. CLA: none; trivial Reviewed-by: Tim Hudson Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1540) --- Summary of changes: crypto/rsa/rsa_lib.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index a6805de..6ea6b40 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -143,6 +143,7 @@ RSA *RSA_new_method(ENGINE *engine) RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE); return NULL; } +memset(ret,0,sizeof(RSA)); ret->meth = RSA_get_default_method(); #ifndef OPENSSL_NO_ENGINE _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Fixed: openssl/openssl#6078 (master - 28aef3d)
Build Update for openssl/openssl - Build: #6078 Status: Fixed Duration: 31 minutes and 9 seconds Commit: 28aef3d (master) Author: FdaSilvaYY Message: Remove an option related to a deprecated flag CMS_NOOLDMIMETYPE and PKCS7_NOOLDMIMETYPE are unused in pkcs7/cms code. Reviewed-by: Andy PolyakovReviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1585) View the changeset: https://github.com/openssl/openssl/compare/9205ebeb8e44...28aef3d9558d View the full build log and details: https://travis-ci.org/openssl/openssl/builds/161208157 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 3fd181a8b5b85a1f7383e82438da494a08f7d843 (commit) from 90edd7ad0fb0d8b1eb5bb6d587a6359f17a39230 (commit) - Log - commit 3fd181a8b5b85a1f7383e82438da494a08f7d843 Author: FdaSilvaYYDate: Sat Sep 17 21:29:48 2016 +0200 Remove an option related to a deprecated flag CMS_NOOLDMIMETYPE and PKCS7_NOOLDMIMETYPE are unused in pkcs7/cms code. Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1585) (cherry picked from commit 28aef3d9558dc2e11ba56576b3a4d3faaef8a9d3) --- Summary of changes: apps/cms.c | 6 +- apps/smime.c | 6 +- 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/apps/cms.c b/apps/cms.c index ad292f5..133dc02 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -72,7 +72,7 @@ typedef enum OPTION_choice { OPT_ASCIICRLF, OPT_NOINTERN, OPT_NOVERIFY, OPT_NOCERTS, OPT_NOATTR, OPT_NODETACH, OPT_NOSMIMECAP, OPT_BINARY, OPT_KEYID, OPT_NOSIGS, OPT_NO_CONTENT_VERIFY, OPT_NO_ATTR_VERIFY, OPT_INDEF, -OPT_NOINDEF, OPT_NOOLDMIME, OPT_CRLFEOL, OPT_NOOUT, OPT_RR_PRINT, +OPT_NOINDEF, OPT_CRLFEOL, OPT_NOOUT, OPT_RR_PRINT, OPT_RR_ALL, OPT_RR_FIRST, OPT_RCTFORM, OPT_CERTFILE, OPT_CAFILE, OPT_CAPATH, OPT_NOCAPATH, OPT_NOCAFILE,OPT_CONTENT, OPT_PRINT, OPT_SECRETKEY, OPT_SECRETKEYID, OPT_PWRI_PASSWORD, OPT_ECONTENT_TYPE, @@ -131,7 +131,6 @@ OPTIONS cms_options[] = { {"stream", OPT_INDEF, '-', "Enable CMS streaming"}, {"indef", OPT_INDEF, '-', "Same as -stream"}, {"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"}, -{"nooldmime", OPT_NOOLDMIME, '-'}, {"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only" }, {"noout", OPT_NOOUT, '-', "For the -cmsout operation do not output the parsed CMS structure"}, {"receipt_request_print", OPT_RR_PRINT, '-', "Print CMS Receipt Request" }, @@ -347,9 +346,6 @@ int cms_main(int argc, char **argv) case OPT_NOINDEF: flags &= ~CMS_STREAM; break; -case OPT_NOOLDMIME: -flags |= CMS_NOOLDMIMETYPE; -break; case OPT_CRLFEOL: mime_eol = "\r\n"; flags |= CMS_CRLFEOL; diff --git a/apps/smime.c b/apps/smime.c index 082109b..1f4091f 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -37,7 +37,7 @@ typedef enum OPTION_choice { OPT_PK7OUT, OPT_TEXT, OPT_NOINTERN, OPT_NOVERIFY, OPT_NOCHAIN, OPT_NOCERTS, OPT_NOATTR, OPT_NODETACH, OPT_NOSMIMECAP, OPT_BINARY, OPT_NOSIGS, OPT_STREAM, OPT_INDEF, OPT_NOINDEF, -OPT_NOOLDMIME, OPT_CRLFEOL, OPT_RAND, OPT_ENGINE, OPT_PASSIN, +OPT_CRLFEOL, OPT_RAND, OPT_ENGINE, OPT_PASSIN, OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP, OPT_MD, OPT_CIPHER, OPT_INKEY, OPT_KEYFORM, OPT_CERTFILE, OPT_CAFILE, OPT_V_ENUM, @@ -95,7 +95,6 @@ OPTIONS smime_options[] = { {"stream", OPT_STREAM, '-', "Enable CMS streaming" }, {"indef", OPT_INDEF, '-', "Same as -stream" }, {"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"}, -{"nooldmime", OPT_NOOLDMIME, '-', NULL}, {"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only"}, {"rand", OPT_RAND, 's', "Load the file(s) into the random number generator"}, @@ -221,9 +220,6 @@ int smime_main(int argc, char **argv) case OPT_NOINDEF: indef = 0; break; -case OPT_NOOLDMIME: -flags |= PKCS7_NOOLDMIMETYPE; -break; case OPT_CRLFEOL: flags |= PKCS7_CRLFEOL; mime_eol = "\r\n"; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 90edd7ad0fb0d8b1eb5bb6d587a6359f17a39230 (commit) from 57106f55a5de6186af4ff78484d99528a6935be4 (commit) - Log - commit 90edd7ad0fb0d8b1eb5bb6d587a6359f17a39230 Author: FdaSilvaYYDate: Sun Jul 31 19:02:50 2016 +0200 Fix various missing option help messages ... Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1585) (cherry picked from commit 12d56b2992ebd61e1b30c99ca1898dde42345cf7) --- Summary of changes: apps/cms.c| 19 ++- apps/crl.c| 2 +- apps/gendsa.c | 2 +- apps/ocsp.c | 6 -- apps/pkcs7.c | 2 +- apps/pkcs8.c | 2 +- apps/smime.c | 17 + apps/spkac.c | 3 ++- apps/ts.c | 2 +- apps/x509.c | 16 10 files changed, 38 insertions(+), 33 deletions(-) diff --git a/apps/cms.c b/apps/cms.c index b9eec24..ad292f5 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -99,7 +99,7 @@ OPTIONS cms_options[] = { {"decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message"}, {"sign", OPT_SIGN, '-', "Sign message"}, {"sign_receipt", OPT_SIGN_RECEIPT, '-', "Generate a signed receipt for the message"}, -{"resign", OPT_RESIGN, '-'}, +{"resign", OPT_RESIGN, '-', "Resign a signed message"}, {"verify", OPT_VERIFY, '-', "Verify signed message"}, {"verify_retcode", OPT_VERIFY_RETCODE, '-'}, {"verify_receipt", OPT_VERIFY_RECEIPT, '<'}, @@ -122,22 +122,22 @@ OPTIONS cms_options[] = { "Don't include signers certificate when signing"}, {"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"}, {"nodetach", OPT_NODETACH, '-', "Use opaque signing"}, -{"nosmimecap", OPT_NOSMIMECAP, '-'}, +{"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute"}, {"binary", OPT_BINARY, '-', "Don't translate message to text"}, {"keyid", OPT_KEYID, '-', "Use subject key identifier"}, {"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"}, {"no_content_verify", OPT_NO_CONTENT_VERIFY, '-'}, {"no_attr_verify", OPT_NO_ATTR_VERIFY, '-'}, -{"stream", OPT_INDEF, '-'}, -{"indef", OPT_INDEF, '-'}, -{"noindef", OPT_NOINDEF, '-'}, +{"stream", OPT_INDEF, '-', "Enable CMS streaming"}, +{"indef", OPT_INDEF, '-', "Same as -stream"}, +{"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"}, {"nooldmime", OPT_NOOLDMIME, '-'}, -{"crlfeol", OPT_CRLFEOL, '-'}, +{"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only" }, {"noout", OPT_NOOUT, '-', "For the -cmsout operation do not output the parsed CMS structure"}, -{"receipt_request_print", OPT_RR_PRINT, '-'}, +{"receipt_request_print", OPT_RR_PRINT, '-', "Print CMS Receipt Request" }, {"receipt_request_all", OPT_RR_ALL, '-'}, {"receipt_request_first", OPT_RR_FIRST, '-'}, -{"rctform", OPT_RCTFORM, 'F'}, +{"rctform", OPT_RCTFORM, 'F', "Receipt file format"}, {"certfile", OPT_CERTFILE, '<', "Other certificates file"}, {"CAfile", OPT_CAFILE, '<', "Trusted certificates file"}, {"CApath", OPT_CAPATH, '/', "trusted certificates directory"}, @@ -147,7 +147,8 @@ OPTIONS cms_options[] = { "Do not load certificates from the default certificates directory"}, {"content", OPT_CONTENT, '<', "Supply or override content for detached signature"}, -{"print", OPT_PRINT, '-', "For the -cmsout operation print out all fields of the CMS structure"}, +{"print", OPT_PRINT, '-', + "For the -cmsout operation print out all fields of the CMS structure"}, {"secretkey", OPT_SECRETKEY, 's'}, {"secretkeyid", OPT_SECRETKEYID, 's'}, {"pwri_password", OPT_PWRI_PASSWORD, 's'}, diff --git a/apps/crl.c b/apps/crl.c index 5e0fbe5..06b6e5b 100644 --- a/apps/crl.c +++ b/apps/crl.c @@ -41,7 +41,7 @@ OPTIONS crl_options[] = { {"fingerprint", OPT_FINGERPRINT, '-', "Print the crl fingerprint"}, {"crlnumber", OPT_CRLNUMBER, '-', "Print CRL number"}, {"badsig", OPT_BADSIG, '-', "Corrupt last byte of loaded CRL signature (for test)" }, -{"gendelta", OPT_GENDELTA, '<'}, +{"gendelta", OPT_GENDELTA, '<', "Other CRL to compare/diff to the Input one"}, {"CApath", OPT_CAPATH, '/', "Verify CRL using certificates in dir"}, {"CAfile", OPT_CAFILE, '<', "Verify CRL using certificates in file name"}, {"no-CAfile", OPT_NOCAFILE, '-', diff --git a/apps/gendsa.c b/apps/gendsa.c index 5dacf1b..4c05493 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -34,7 +34,7 @@ OPTIONS gendsa_options[] = { {OPT_HELP_STR, 1, '-', "Valid options are:\n"}, {"help", OPT_HELP, '-', "Display this summary"}, {"out", OPT_OUT, '>', "Output the key to the specified
[openssl-commits] [openssl] master update
The branch master has been updated via 28aef3d9558dc2e11ba56576b3a4d3faaef8a9d3 (commit) via 12d56b2992ebd61e1b30c99ca1898dde42345cf7 (commit) from 9205ebeb8e448b2d6948b9e5d78ecf309c0ed33c (commit) - Log - commit 28aef3d9558dc2e11ba56576b3a4d3faaef8a9d3 Author: FdaSilvaYYDate: Sat Sep 17 21:29:48 2016 +0200 Remove an option related to a deprecated flag CMS_NOOLDMIMETYPE and PKCS7_NOOLDMIMETYPE are unused in pkcs7/cms code. Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1585) commit 12d56b2992ebd61e1b30c99ca1898dde42345cf7 Author: FdaSilvaYY Date: Sun Jul 31 19:02:50 2016 +0200 Fix various missing option help messages ... Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1585) --- Summary of changes: apps/cms.c| 25 +++-- apps/crl.c| 2 +- apps/gendsa.c | 2 +- apps/ocsp.c | 6 -- apps/pkcs7.c | 2 +- apps/pkcs8.c | 2 +- apps/smime.c | 21 + apps/spkac.c | 3 ++- apps/ts.c | 2 +- apps/x509.c | 16 10 files changed, 39 insertions(+), 42 deletions(-) diff --git a/apps/cms.c b/apps/cms.c index b9eec24..133dc02 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -72,7 +72,7 @@ typedef enum OPTION_choice { OPT_ASCIICRLF, OPT_NOINTERN, OPT_NOVERIFY, OPT_NOCERTS, OPT_NOATTR, OPT_NODETACH, OPT_NOSMIMECAP, OPT_BINARY, OPT_KEYID, OPT_NOSIGS, OPT_NO_CONTENT_VERIFY, OPT_NO_ATTR_VERIFY, OPT_INDEF, -OPT_NOINDEF, OPT_NOOLDMIME, OPT_CRLFEOL, OPT_NOOUT, OPT_RR_PRINT, +OPT_NOINDEF, OPT_CRLFEOL, OPT_NOOUT, OPT_RR_PRINT, OPT_RR_ALL, OPT_RR_FIRST, OPT_RCTFORM, OPT_CERTFILE, OPT_CAFILE, OPT_CAPATH, OPT_NOCAPATH, OPT_NOCAFILE,OPT_CONTENT, OPT_PRINT, OPT_SECRETKEY, OPT_SECRETKEYID, OPT_PWRI_PASSWORD, OPT_ECONTENT_TYPE, @@ -99,7 +99,7 @@ OPTIONS cms_options[] = { {"decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message"}, {"sign", OPT_SIGN, '-', "Sign message"}, {"sign_receipt", OPT_SIGN_RECEIPT, '-', "Generate a signed receipt for the message"}, -{"resign", OPT_RESIGN, '-'}, +{"resign", OPT_RESIGN, '-', "Resign a signed message"}, {"verify", OPT_VERIFY, '-', "Verify signed message"}, {"verify_retcode", OPT_VERIFY_RETCODE, '-'}, {"verify_receipt", OPT_VERIFY_RECEIPT, '<'}, @@ -122,22 +122,21 @@ OPTIONS cms_options[] = { "Don't include signers certificate when signing"}, {"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"}, {"nodetach", OPT_NODETACH, '-', "Use opaque signing"}, -{"nosmimecap", OPT_NOSMIMECAP, '-'}, +{"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute"}, {"binary", OPT_BINARY, '-', "Don't translate message to text"}, {"keyid", OPT_KEYID, '-', "Use subject key identifier"}, {"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"}, {"no_content_verify", OPT_NO_CONTENT_VERIFY, '-'}, {"no_attr_verify", OPT_NO_ATTR_VERIFY, '-'}, -{"stream", OPT_INDEF, '-'}, -{"indef", OPT_INDEF, '-'}, -{"noindef", OPT_NOINDEF, '-'}, -{"nooldmime", OPT_NOOLDMIME, '-'}, -{"crlfeol", OPT_CRLFEOL, '-'}, +{"stream", OPT_INDEF, '-', "Enable CMS streaming"}, +{"indef", OPT_INDEF, '-', "Same as -stream"}, +{"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"}, +{"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only" }, {"noout", OPT_NOOUT, '-', "For the -cmsout operation do not output the parsed CMS structure"}, -{"receipt_request_print", OPT_RR_PRINT, '-'}, +{"receipt_request_print", OPT_RR_PRINT, '-', "Print CMS Receipt Request" }, {"receipt_request_all", OPT_RR_ALL, '-'}, {"receipt_request_first", OPT_RR_FIRST, '-'}, -{"rctform", OPT_RCTFORM, 'F'}, +{"rctform", OPT_RCTFORM, 'F', "Receipt file format"}, {"certfile", OPT_CERTFILE, '<', "Other certificates file"}, {"CAfile", OPT_CAFILE, '<', "Trusted certificates file"}, {"CApath", OPT_CAPATH, '/', "trusted certificates directory"}, @@ -147,7 +146,8 @@ OPTIONS cms_options[] = { "Do not load certificates from the default certificates directory"}, {"content", OPT_CONTENT, '<', "Supply or override content for detached signature"}, -{"print", OPT_PRINT, '-', "For the -cmsout operation print out all fields of the CMS structure"}, +{"print", OPT_PRINT, '-', + "For the -cmsout operation print out all fields of the CMS structure"}, {"secretkey", OPT_SECRETKEY, 's'}, {"secretkeyid", OPT_SECRETKEYID, 's'}, {"pwri_password", OPT_PWRI_PASSWORD, 's'}, @@ -346,9
[openssl-commits] Broken: openssl/openssl#6076 (master - 9205ebe)
Build Update for openssl/openssl - Build: #6076 Status: Broken Duration: 37 minutes and 46 seconds Commit: 9205ebe (master) Author: Matt Caswell Message: Convert num_alloc to a size_t in stack.c and tweak style We were casting num_alloc to size_t in lots of places, or just using it in a context where size_t makes more sense - so convert it. This simplifies the code a bit. Also tweak the style in stack.c a bit following on from the previous commit Reviewed-by: Rich SalzView the changeset: https://github.com/openssl/openssl/compare/e2562bbbe1e1...9205ebeb8e44 View the full build log and details: https://travis-ci.org/openssl/openssl/builds/161179526 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Errored: FdaSilvaYY/openssl#1997 (fix-install-typo - 6e80e6c)
Build Update for FdaSilvaYY/openssl - Build: #1997 Status: Errored Duration: 6 minutes and 39 seconds Commit: 6e80e6c (fix-install-typo) Author: FdaSilvaYY Message: Update INSTALL about no-md5 removal no-rsa is no longer an option since 7ec8de1 Fix a typo about poly1305 View the changeset: https://github.com/FdaSilvaYY/openssl/compare/0522b75bf33b...6e80e6c37625 View the full build log and details: https://travis-ci.org/FdaSilvaYY/openssl/builds/161114017 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Build completed: openssl 1.0.1277
Build openssl 1.0.1277 completed Commit 03aeb6a541 by FdaSilvaYY on 9/19/2016 9:36 PM: Clean whitespaces on line ending Configure your notification preferences _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 9205ebeb8e448b2d6948b9e5d78ecf309c0ed33c (commit) via 9731a9ce7d0f404d21ed418f9bc983b174e130cb (commit) from e2562bbbe1e1c68ec5a3e02c1f151fd6149ee2ae (commit) - Log - commit 9205ebeb8e448b2d6948b9e5d78ecf309c0ed33c Author: Matt CaswellDate: Thu Sep 8 11:06:29 2016 +0100 Convert num_alloc to a size_t in stack.c and tweak style We were casting num_alloc to size_t in lots of places, or just using it in a context where size_t makes more sense - so convert it. This simplifies the code a bit. Also tweak the style in stack.c a bit following on from the previous commit Reviewed-by: Rich Salz commit 9731a9ce7d0f404d21ed418f9bc983b174e130cb Author: Guido Vranken Date: Thu Sep 8 10:43:37 2016 +0100 Prevent overflows in stack API Reviewed-by: Rich Salz Reviewed-by: Matt Caswell --- Summary of changes: crypto/stack/stack.c | 53 +--- 1 file changed, 38 insertions(+), 15 deletions(-) diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c index acd350a..1d01936 100644 --- a/crypto/stack/stack.c +++ b/crypto/stack/stack.c @@ -9,6 +9,7 @@ #include #include "internal/cryptlib.h" +#include "internal/numbers.h" #include #include @@ -16,7 +17,7 @@ struct stack_st { int num; const char **data; int sorted; -int num_alloc; +size_t num_alloc; OPENSSL_sk_compfunc comp; }; @@ -40,6 +41,9 @@ OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *sk) { OPENSSL_STACK *ret; +if (sk->num < 0) +return NULL; + if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) return NULL; @@ -62,13 +66,16 @@ OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *sk, OPENSSL_STACK *ret; int i; +if (sk->num < 0) +return NULL; + if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) return NULL; /* direct structure assignment */ *ret = *sk; -ret->num_alloc = sk->num > MIN_NODES ? sk->num : MIN_NODES; +ret->num_alloc = sk->num > MIN_NODES ? (size_t)sk->num : MIN_NODES; ret->data = OPENSSL_zalloc(sizeof(*ret->data) * ret->num_alloc); if (ret->data == NULL) { OPENSSL_free(ret); @@ -113,28 +120,44 @@ OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_compfunc c) int OPENSSL_sk_insert(OPENSSL_STACK *st, const void *data, int loc) { -const char **s; - -if (st == NULL) +if (st == NULL || st->num < 0 || st->num == INT_MAX) { return 0; -if (st->num_alloc <= st->num + 1) { -s = OPENSSL_realloc((char *)st->data, -(unsigned int)sizeof(char *) * st->num_alloc * 2); -if (s == NULL) -return (0); -st->data = s; -st->num_alloc *= 2; } -if ((loc >= (int)st->num) || (loc < 0)) + +if (st->num_alloc <= (size_t)(st->num + 1)) { +size_t doub_num_alloc = st->num_alloc * 2; + +/* Overflow checks */ +if (doub_num_alloc < st->num_alloc) +return 0; + +/* Avoid overflow due to multiplication by sizeof(char *) */ +if (doub_num_alloc > SIZE_MAX / sizeof(char *)) +return 0; + +st->data = OPENSSL_realloc((char *)st->data, + sizeof(char *) * doub_num_alloc); +if (st->data == NULL) { +/* + * Reset these counters to prevent subsequent operations on + * (now non-existing) heap memory + */ +st->num_alloc = 0; +st->num = 0; +return 0; +} +st->num_alloc = doub_num_alloc; +} +if ((loc >= st->num) || (loc < 0)) { st->data[st->num] = data; -else { +} else { memmove(>data[loc + 1], >data[loc], sizeof(st->data[0]) * (st->num - loc)); st->data[loc] = data; } st->num++; st->sorted = 0; -return (st->num); +return st->num; } void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *st, const void *p) _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via e2562bbbe1e1c68ec5a3e02c1f151fd6149ee2ae (commit) from 057c676afb2a69b7d2bb9cf6e895e720a2a62b78 (commit) - Log - commit e2562bbbe1e1c68ec5a3e02c1f151fd6149ee2ae Author: FdaSilvaYYDate: Mon Sep 12 22:42:37 2016 +0200 Update INSTALL about no-md5 removal no-rsa is no longer an option since 7ec8de1 Fix a typo about poly1305 Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1582) --- Summary of changes: INSTALL | 7 +++ 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/INSTALL b/INSTALL index e3f47db..a6e8ea6 100644 --- a/INSTALL +++ b/INSTALL @@ -479,10 +479,9 @@ no- Build without support for the specified algorithm, where is one of: bf, blake2, camellia, cast, chacha, cmac, - des, dh, dsa, ecdh, ecdsa, idea, md4, md5, mdc2, ocb, - ploy1305, rc2, rc4, rmd160, scrypt, seed or whirlpool. The - "ripemd" algorithm is deprecated and if used is synonymous - with rmd160. + des, dh, dsa, ecdh, ecdsa, idea, md4, mdc2, ocb, poly1305, + rc2, rc4, rmd160, scrypt, seed or whirlpool. The "ripemd" + algorithm is deprecated and if used is synonymous with rmd160. -Dxxx, -lxxx, -Lxxx, -fxxx, -mXXX, -Kxxx These system specific options will be passed through to the _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] Fixed: FdaSilvaYY/openssl#1991 (check_bn_wexpand_retcode - 2c5e455)
Build Update for FdaSilvaYY/openssl - Build: #1991 Status: Fixed Duration: 50 minutes and 22 seconds Commit: 2c5e455 (check_bn_wexpand_retcode) Author: FdaSilvaYY Message: Add missing checks on BN_copy return value View the changeset: https://github.com/FdaSilvaYY/openssl/compare/97667f6025ed...2c5e4556165c View the full build log and details: https://travis-ci.org/FdaSilvaYY/openssl/builds/16935 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 057c676afb2a69b7d2bb9cf6e895e720a2a62b78 (commit) from 81f9ce1e1965e0e33db6d2391285c4c1b6af0434 (commit) - Log - commit 057c676afb2a69b7d2bb9cf6e895e720a2a62b78 Author: Richard LevitteDate: Mon Sep 19 15:08:58 2016 +0200 Fix no-ocsp Some compilers complain about unused variables, and some tests do not run well without OCSP. Reviewed-by: Rich Salz --- Summary of changes: apps/s_client.c| 7 ++- apps/s_server.c| 11 ++- test/recipes/80-test_ssl_new.t | 4 +++- 3 files changed, 19 insertions(+), 3 deletions(-) diff --git a/apps/s_client.c b/apps/s_client.c index 0627ae8..41f6d48 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -856,7 +856,10 @@ int s_client_main(int argc, char **argv) enum { use_inet, use_unix, use_unknown } connect_type = use_unknown; int count4or6 = 0; int c_nbio = 0, c_msg = 0, c_ign_eof = 0, c_brief = 0; -int c_tlsextdebug = 0, c_status_req = 0; +int c_tlsextdebug = 0; +#ifndef OPENSSL_NO_OCSP +int c_status_req = 0; +#endif BIO *bio_c_msg = NULL; FD_ZERO(); @@ -1067,7 +1070,9 @@ int s_client_main(int argc, char **argv) c_tlsextdebug = 1; break; case OPT_STATUS: +#ifndef OPENSSL_NO_OCSP c_status_req = 1; +#endif break; case OPT_WDEBUG: #ifdef WATT32 diff --git a/apps/s_server.c b/apps/s_server.c index ebab7a2..2051459 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -932,7 +932,10 @@ int s_server_main(int argc, char *argv[]) const char *s_cert_file = TEST_CERT, *s_key_file = NULL, *s_chain_file = NULL; const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL; char *s_dcert_file = NULL, *s_dkey_file = NULL, *s_dchain_file = NULL; -int s_tlsextstatus = 0, no_resume_ephemeral = 0; +#ifndef OPENSSL_NO_OCSP +int s_tlsextstatus = 0; +#endif +int no_resume_ephemeral = 0; unsigned int split_send_fragment = 0, max_pipelines = 0; const char *s_serverinfo_file = NULL; @@ -1206,14 +1209,20 @@ int s_server_main(int argc, char *argv[]) s_tlsextdebug = 1; break; case OPT_STATUS: +#ifndef OPENSSL_NO_OCSP s_tlsextstatus = 1; +#endif break; case OPT_STATUS_VERBOSE: +#ifndef OPENSSL_NO_OCSP s_tlsextstatus = tlscstatp.verbose = 1; +#endif break; case OPT_STATUS_TIMEOUT: +#ifndef OPENSSL_NO_OCSP s_tlsextstatus = 1; tlscstatp.timeout = atoi(opt_arg()); +#endif break; case OPT_STATUS_URL: #ifndef OPENSSL_NO_OCSP diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t index 46c2f42..47eab18 100644 --- a/test/recipes/80-test_ssl_new.t +++ b/test/recipes/80-test_ssl_new.t @@ -44,6 +44,7 @@ my $no_npn = disabled("nextprotoneg"); my $no_ct = disabled("ct"); my $no_ec = disabled("ec"); my $no_ec2m = disabled("ec2m"); +my $no_ocsp = disabled("ocsp"); # Add your test here if the test conf.in generates test cases and/or # expectations dynamically based on the OpenSSL compile-time config. @@ -70,7 +71,8 @@ my %skip = ( # We should review this once we have TLS 1.3. "13-fragmentation.conf" => disabled("tls1_2"), "14-curves.conf" => disabled("tls1_2") || $no_ec || $no_ec2m, - "16-dtls-certstatus.conf" => $no_dtls + "15-certstatus.conf" => $no_ocsp, + "16-dtls-certstatus.conf" => $no_dtls || $no_ocsp, ); foreach my $conf (@conf_files) { _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [web] master update
The branch master has been updated via 08e980caee8d6252b0838e9924498db12083203b (commit) from 7257962abfb8d49deb3b9831fa6eeb7068284246 (commit) - Log - commit 08e980caee8d6252b0838e9924498db12083203b Author: Mark J. CoxDate: Mon Sep 19 14:00:52 2016 +0100 Add link to upcoming releases --- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index 4cad2ef..0a90069 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -4,6 +4,7 @@ # Format is two fields, colon-separated; the first line is the column # headings. URL paths must all be absolute. Date: Item +19-Sep-2016: OpenSSL 1.1.0a, 1.0.2i, 1.0.1u https://mta.openssl.org/pipermail/openssl-announce/2016-September/76.html;>security releases due 22nd Sep 2016 25-Aug-2016: OpenSSL 1.1.0 is now available 04-Aug-2016: Beta 3 (pre-release 6) of OpenSSL 1.1.0 is now available: please download and test it 03-May-2016: Security Advisory: several security fixes _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits